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DETAILED ACTION 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth 
in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
12/08/08 has been entered. 

Response to Arguments/Amendment 

2. In view of applicant's remarks and the amendment, the examiner once again 
reviewed the specification and noted that in the broadest reasonable interpretation, 
the VPN cited in the claim language could be interpreted as a virtual pirate network 
with the underling infrastructure implementing the VPN channel (e.g. nodes). Thus, 
the 35 U.S.C. 112, second paragraph rejection cited in the previous Office Action are 
withdrawn. 

3. As per the 35 USC §103 rejection over Jason in view Zhou and further in view of 
Pfleeger, applicant alleges that "the Office attempts to cobble three completely 
unrelated references in its argument to the contrary". However, the only support for 
the allegation is that none of the references teach all the limitation: e.g. Pfleeger 
does not mention a VPN and IKE traffic, and Zhou no filtering, etc. 

Applicant arguments are not persuasive. The examiner points out that applicant's 
claim language was rejected under 35 USC § 103 (over Jason in view Zhou and 
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further in view of Pfleeger) and not 35 USC § 1 02. It is noted that one cannot show 
nonobviousness by attacking references individually where the rejections are based 
on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 
(CCPA1981); In re Merck & Co., 800 F. 2d 1091,231 USPQ 375 (Fed. Cir. 1986). 
Furthermore, Jason, Zhou and Pfleeger's inventions are all directed towards 
computing art addressing network communication and, in particular, the security 
aspect of network communication traffic. Thus, the advantages of the systems of 
Jason, Zhou and Pfleeger's could have been easily combinable with more than 
reasonable expectations of success. 

4. Claims 1-31 have been examined. 

The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior Office Action. 

Claim Rejections - 35 USC § 103 

5. Claims 1-4, 7-8 and 9-11, 13-27 and 30-31 remain rejected under 35 U.S.C. 103(a) 
as being unpatentable over Jason (USPN 6636520) in view Zhou (J. Zhou, "Further 
analysis of the Internet key exchange protocol", Computer Communications, Volume 
23, Issue 17, 11/1/2000) and further in view of Pfleeger (Charles P. Pfleeger, 
"Security in computing", 2nd edition, 1996, ISBN: 0133374866). 
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As per claim 1, Jason (USPN 6636520) discloses a virtual private network (VPN1 
also referred to as T1) that enables a second VPN traffic (VPN2/T2, see Jason, Fig. 
2 and associated text). 

6. Jason does not disclose that the T2 uses IKE protocols. 

Zhou discloses the use of IKE protocols (e.g. Zhou, "1 . Introduction" and "2. IKE 
protocol"). It would have been obvious to an ordinary artisan to configure 12 
disclosed by Jason to use IKE protocols given the benefit of security. 
12 using IKE protocols equate to IKE traffic. 

7. Jason discloses that T1 is established prior to 12; thus, IKE traffic from outside the 
VPN flows into the VPN. Establishing T1 prior to 12 evidences that VPN connection 
precedes an IKE traffic management through VPN. 

8. Jason in view of Zhu disclose a first node within the VPN (e.g. 204 or 206) but is 
silent in regard to the node using a filter detection system for searching for IKE traffic 
permit filters. 

Pfleeger discloses a filter detection system for searching IKE traffic permit filters 
(firewalls such as screening routers or proxy gateways, Pfleeger pg. 429-431). 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to employ a filter detection system for searching IKE traffic permit filters on 
a first node as taught by Pfleeger given the benefit of enable only authorized traffic. 

9. As per newly introduced limitation, note that a first node (e.g. 204 or 206) is an 
endpoint in a VPN connection (see Fig. 2) and as such, the examiner equate the 
mechanism implementing VPN capabilities on the first node to a gateway. 
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1 0. Lastly, IKE traffic is freely allowed (either from 202 to 206 or from 206 to 202) in 
Jason in view of Zhou's invention. In other words, IKE traffic permit filters are not 
detected and IKE traffic is allowed to automatically through the VPN, which would 
equate to "automatically allowing IKE traffic from outside the VPN to flow into the 
VPN if the IKE traffic permit filters are not detected". 

1 1 .As per claim 3, node 206 equates to a second/remote node. (Note that for the 
purpose of claim 3, nodes 208 and/or 210 also read on a second node.) 

12. As per claim 4, IKE traffic as discussed by Jason in view of Zhu's invention, used to 
establishes tunnel T2, thus establishes security associations for a VPN connection 
between the first node and the second node. 

13. As per claim 7, a traffic management system implementing IKE traffic must have 
entries that identify the connection between nodes, IP address of connected nodes 
and security associations for the VPN connections; otherwise communicate traffic 
between these nodes would not be possible. Even if, somehow, implementing the 
traffic without these entries, using entries that identify the connection between nodes 
(e.g. a port) IP address of connected nodes and security associations is old and well 
known in the art of computer networking (e.g. Proxys, VPNs etc.), and including 
them would have been an obvious variation given the benefit of correct data 
communication. Also, given the fact that it is old and well known in the art that 
tables are used to store information (e.g. ACL, DNS entries etc.) it would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention to 
employ tables to store the IKE traffic entries for motivation of a quick access to the 
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information. Additionally, as per claim 8, tunnel T1 and T2 equate to a nested VPN 
connections. 

1 4. Claims 9-11,1 3-27 and 30-31 are substantially equivalent to claims 2-8; therefore 
claims 9-11, 13-27 and 30-31 are similarly rejected. 

15. Claims 5-6, 12 and 28-29 remain rejected under 35 U.S.C. 103(a) as being 
unpatentable over Jason (USPN 6636520) in view Zhou (J. Zhou, "Further analysis 
of the Internet key exchange protocol", Computer Communications, Volume 23, 
Issue 17, 1 1/1/2000) and Pfleeger (Charles P. Pfleeger, "Security in computing", 2nd 
edition, 1996, ISBN: 0133374866), and further in view Noehring (USPUB 
2002/0188871). 

16. Jason in view of Zhou and Pfleeger teach the first and the second node and the IKE 
traffic enablement system for automatically allowing IKE traffic from outside the VPN 
to flow into the VPN as discussed above. 

17. Jason in view of Zhou and Pfleeger do not teach the IKE traffic enablement system 
allowing refreshing IKE traffic (used to refresh security association) to flow between 
the first node and the second node. 

18. Noehring discloses an IKE traffic enablement system allowing refreshing IKE traffic 
(used to refresh security association) to flow between the first node and the second 
node (Noehrin, col. 15, claims 7-8, for example). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to enable the IKE traffic 
enablement system to refreshing IKE traffic (used to refresh security association) to 
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flow between the first node and the second node as taught by Noehring given the 
benefit of maintained connection after the expiration of the security associations. 
Note that IKE is used to establish a tunnel (VPN connection) between the first and 
the second node. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571 ) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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